<?php
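// Patient autocomplete endpoint.
// Looks up the facility linked to the logged-in user, then returns the patients
// of that facility whose first name, last name or public id contains the search
// term, one "First Last (pubpid)|pid" line per match.

// Flags read by globals.php, so they must be set before it is loaded.
// NOTE(review): $sanitize_all_escapes = true appears to tell globals.php not to
// auto-escape request data, which would leave SQL safety entirely to this
// script -- confirm against globals.php.
$sanitize_all_escapes = true;
$fake_register_globals = false;
require_once("globals.php");
include_once("$srcdir/sql.inc");

// Resolve the facility of the current user. The user id is passed as a bound
// parameter rather than concatenated into the statement.
// NOTE(review): only the first users_facility row is used; a user linked to
// several facilities would be limited to one of them -- confirm this is intended.
$facility = null;
$authUserId = isset($_SESSION['authUserID']) ? $_SESSION['authUserID'] : null;
if ($authUserId !== null && $authUserId !== '') {
    $query = "SELECT uf.facility_id FROM users u, users_facility uf WHERE u.id = ? AND u.id = uf.table_id";
    $res = sqlStatement($query, array($authUserId));
    $row = $res ? sqlFetchArray($res) : false;
    if (is_array($row) && isset($row['facility_id'])) {
        $facility = $row['facility_id'];
    }
}

// The search term is attacker-controlled request data. Anything that is not a
// plain string (e.g. q[]=...) is treated as an empty term.
$search = (isset($_REQUEST['q']) && is_string($_REQUEST['q'])) ? $_REQUEST['q'] : '';

$result = '';

// Without a facility there is nothing the caller is allowed to see, so the
// patient query is skipped instead of being run with an empty filter.
if ($facility !== null) {
    // The term only ever reaches the database as a bound value; '%' and '_'
    // typed by the user are still interpreted as LIKE wildcards, as before.
    $like = '%' . $search . '%';

    // Only the columns that are emitted below are selected, so no other
    // patient_data fields leave the database for this lookup.
    $query = "SELECT pd.fname, pd.lname, pd.pubpid, pd.pid"
        . " FROM patient_data pd inner join patient_facility pf on (pd.pid = pf.pid)"
        . " WHERE (pd.fname like ? or pd.lname like ? or pd.pubpid like ?)"
        . " AND pf.facility_id = ? order by pd.fname asc";
    $data = query_paciente($query, array($like, $like, $like, $facility));

    if (is_array($data)) {
        foreach ($data as $valor) {
            $val1 = $valor["fname"] . " " . $valor["lname"] . " (" . $valor["pubpid"] . ")";
            $val2 = $valor["pid"];
            $result .= $val1 . "|" . $val2 . "\n";
        }
    }
}

// NOTE(review): the lines are emitted as raw text with no Content-Type header
// set here. Stored patient names are not escaped for HTML, so the consumer must
// insert them as text, not markup -- confirm on the client side.
echo str_replace(",]", "]", $result);

/**
 * Run a SELECT and return every row as a list of associative arrays.
 *
 * Anything printed while the statement runs is captured and discarded, so it
 * cannot end up in the response body. NOTE(review): this also hides any
 * diagnostics the database layer prints.
 *
 * @param string $query SQL text; use "?" placeholders for every variable value.
 * @param array  $binds Values for the placeholders, in order. Optional, so
 *                      existing one-argument calls keep working.
 * @return array Rows in result order; an empty array when nothing matched or
 *               the statement returned no result.
 */
function query_paciente($query, $binds = array()) {
    $all = array();

    ob_start();
    $res = empty($binds) ? sqlStatement($query) : sqlStatement($query, $binds);
    if ($res) {
        while ($row = sqlFetchArray($res)) {
            $all[] = $row;
        }
    }
    ob_end_clean();

    return $all;
}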

?>